Mailing ListWe invite you to subscribe to our socio-technical security mailing list
The term "socio-technical" means a reciprocal relationship between technology and people.
Successful attacks on information systems often exploit not only IT systems and networks, but also the human element in the system. It is critical to limit technical vulnerabilities and insecure user behavior, but also poorly designed user interfaces, and unclear or unrealistic security policies. To improve the security of systems, technology and policies must consider the characteristics of the users, where research in social sciences and usable security has demonstrated that insecure behavior can be justified from cognitive, emotional, and social perspectives. When there is a good 'fit' of technology to users, workable security policies and targeted behavioral support can augment technical security.
Finding the right balance between technical and social security measures remains largely unexplored, which motivates the need for the STAST workshop. Currently, different security communities (theoretical security, systems security, usable security, and security management) rarely work together. There remains a need for focused, holistic research in socio-technical security, and the respective communities tend to offload on each other parts of problems that they consider to be out of scope, an attitude that results in deficient or unsuitable security solutions.
The workshop intends to stimulate an exchange of ideas and experiences on how to design systems that are secure in the real world where they interact with users of varying expertise and diverse needs. The workshop aims at bringing together experts in various areas of computer security and in social and behavioral sciences.
STAST is a one day workshop.